Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/30 12:0 a.m.•28 views

JVN#95981715: Starlette vulnerable to directory traversal

Starlette provided by Encode contains a directory traversal vulnerability CWE-22. Impact Under certain conditions, a remote attacker may view files in a web service which was built using the product. Solution Update the software Update the software according to the information provided by the...

7.5CVSS7.4AI score0.02032EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 12:0 a.m.•28 views

JVN#75742861: Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Stop using the product The developer...

5.5CVSS5.4AI score0.00226EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/28 12:0 a.m.•28 views

JVN#78253670: web2py development tool vulnerable to open redirect

The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Impact When using the tool, a web2py user may be redirected ...

6.1CVSS6.2AI score0.02382EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/07 12:0 a.m.•28 views

JVN#00845253: Growi vulnerable to improper access control

GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Impact A user who can login to the affected product may download the markdown data from the pages set to private by the other users. Solution Update the software Update the software to the following versions...

6.5CVSS6.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/24 12:0 a.m.•28 views

JVN#15241647: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

WordPress plugin "WP Statistics" provided by VeronaLabs contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the web site using the product. Solution Update the plugin Update the plugin according to th...

6.1CVSS6AI score0.00969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•28 views

JVN#10168753: SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on and/or alter the communication. Solution Update the application Update the application to the latest...

7.4CVSS7AI score0.0047EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 12:0 a.m.•28 views

JVN#65660590: boastMachine vulnerable to cross-site scripting

boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Stop using "boastMachine" The developer states that the product is no longer supported, therefore stop using the product. Products...

4.3CVSS6AI score0.0449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 12:0 a.m.•28 views

JVN#63474730: CubeCart vulnerable to directory traversal

CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. Impact A local file outside of CubeCart may be accessed by an administrator of CubeCart. Solution Update the Software Update to the latest...

4.9CVSS4.9AI score0.02127EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/16 12:0 a.m.•28 views

JVN#42070907: Multiple SONY Videoconference Systems do not properly perform authentication

Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device CWE-306. This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative...

8.8CVSS8.8AI score0.00733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/28 12:0 a.m.•28 views

JVN#20252219: kintone mobile for Android fails to verify SSL server certificates

kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provid...

5.9CVSS5.5AI score0.00728EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/15 12:0 a.m.•28 views

JVN#75396659: DERAEMON-CMS vulnerable to cross-site scripting

DERAEMON-CMS provided by TEAM DERAEMONS is a content management system CMS. install.php in DERAEMON-CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing of the parameters hostname, database and username. Impact An arbitrary script may be executed on the user's web...

6.1CVSS6AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•28 views

JVN#89211736: Cybozu Garoon vulnerable to authentication bypass

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an authentication bypass vulnerability. Impact A remote attacker may bypass login authentication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

9.8CVSS9.6AI score0.03284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/19 12:0 a.m.•28 views

JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability

Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the appropriate patch according to the information provided by...

6.1CVSS6AI score0.01307EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 12:0 a.m.•28 views

JVN#42930233: QNAP QTS vulnerable to cross-site scripting

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...

6.1CVSS6.1AI score0.01021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•28 views

JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute arbitrary PHP code. Solution Update the Software Update to the latest version according to the information provided ...

6.8CVSS5.9AI score0.02858EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•28 views

JVN#32218514: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS7.5AI score0.01789EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•28 views

JVN#87859762: H2O use-after-free vulnerability

H2O is an open source web server software. H2O contains a use-after-free vulnerability. Impact An attacker may cause a denial-of-service DoS condition by sending a specially crafted packet. Solution Update the Software Update to the latest version according to the information provided by the...

7.5CVSS7.5AI score0.04448EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 12:0 a.m.•28 views

JVN#73166466: a-blog cms vulnerable to cross-site scripting

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•28 views

JVN#73776243: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. Impact If an administrator views a malicious page while logged in, unintended operations may be performed. Solution Apply the update or the...

8.8CVSS8.6AI score0.00636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•28 views

JVN#46044093: LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)

LINE for Windows and LINE for Mac OS contain a denial-of-service DoS vulnerability due to an issue in displaying the Timeline. Impact By displaying a specially crafted post in Timeline, the product may be abnormally terminated. Solution Update the software Update to the latest version according t...

5.7CVSS5.4AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/22 12:0 a.m.•28 views

JVN#09268287: Multiple Buffalo network devices vulnerable to cross-site request forgery

Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the firmware Update the firmware according to the information provided by...

8.8CVSS8.7AI score0.00541EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/20 12:0 a.m.•28 views

JVN#20649799: Void vulnerable to cross-site scripting

Void is an open source content management system CMS. Void contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer...

4.3CVSS5.8AI score0.01786EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 12:0 a.m.•28 views

JVN#25576608: Avast vulnerable to directory traversal

Avast contains an issue in processing archive files, which may result in a directory traversal CWE-22 vulnerability. When an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the archive...

6.4CVSS6.4AI score0.02969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 12:0 a.m.•28 views

JVN#27548431: gollum vulnerable to file exposure

gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

4.3CVSS6.3AI score0.01876EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 12:0 a.m.•28 views

JVN#19011483: Thetis vulnerable to SQL injection

Thetis provided by Sysphonic Co., Ltd. is an open source groupware and SNS. Thetis contains a SQL injection CWE-89 vulnerability. Impact An attacker may obtain or alter information stored in the database. Solution Apply an Update Apply the update according to the information provided by the...

7.5CVSS6.9AI score0.0261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/20 12:0 a.m.•28 views

JVN#64459670: mt-phpincgi vulnerable to PHP object injection

mt-phpincgi is script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object Injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact Arbitrary PHP code may be executed on the server by an unauthenticate...

7.5CVSS7AI score0.01749EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/04 12:0 a.m.•28 views

JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting

Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

4.3CVSS6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 12:0 a.m.•28 views

JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character string, which may result in a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use...

4.3CVSS5.8AI score0.01773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/17 12:0 a.m.•28 views

JVN#36205251: 365 Links series vulnerable to cross-site scripting

365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...

4.3CVSS5.9AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/04 12:0 a.m.•28 views

JVN#49672671: WisePoint vulnerable to session fixation

WisePoint provided by Falcon System Consulting, Inc. contains a session fixation vulnerability. Impact An attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the latest version according to the information provid...

6.8CVSS6.2AI score0.01295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/06 12:0 a.m.•28 views

JVN#32726697: GOM Player vulnerable to denial-of-service (DoS)

GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Impact When processing a specially crafted image file, the player may not be launched. Solution Update the Software Update to the latest version according to the information...

4.3CVSS6.2AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 12:0 a.m.•28 views

JVN#78136804: CN8000 vulnerable to denial-of-service (DoS)

CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Firmware...

7.8CVSS6.5AI score0.01799EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/05/08 12:0 a.m.•28 views

JVN#68340046: intra-mart vulnerable to open redirect

intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply t...

5.8CVSS6.4AI score0.01168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/11 12:0 a.m.•28 views

JVN#47386847: SD Card Manager vulnerable to directory traversal

SD Card Manager provided by apps4u@android contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.9AI score0.01152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•28 views

JVN#71045461: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter information on the system. Solution For Cybozu Garoon 3.7: Apply the Patch...

6.5CVSS7.1AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•28 views

JVN#48810179: Denny's App for Android. contains an issue where it fails to verify SSL server certificates

Denny's App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.8CVSS6.1AI score0.00587EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 12:0 a.m.•28 views

JVN#24730765: Blackboard Vista/CE vulnerable to cross-site scripting

Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS5.8AI score0.01773EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•28 views

JVN#85716574: NeoFiler vulnerable to directory traversal

NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.6AI score0.01392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 12:0 a.m.•28 views

JVN#97810280: KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates

KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...

5.8CVSS6.3AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/07/11 12:0 a.m.•28 views

JVN#68773685: AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)

AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service DoS. Impact Network functions may be disabled by a remote attacker. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...

5CVSS6.4AI score0.01904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/08 12:0 a.m.•28 views

JVN#61972596: Online Service Gate vulnerable in Office 365 password management

Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper...

4CVSS6.4AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/26 12:0 a.m.•28 views

JVN#01313594: jigbrowser+ for Android vulnerable to address bar spoofing

jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version...

5.8CVSS6.1AI score0.00946EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/11 12:0 a.m.•28 views

JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing

Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may misinterpret that the website is using the SSL for communications even when the site is not using SSL. Solution Update the...

5CVSS6.2AI score0.01034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/29 12:0 a.m.•28 views

JVN#01167429: OpenWnn for Android vulnerable to information disclosure

OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor IME. OpenWnn for Android contains an issue in the access permissions for certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may...

4.3CVSS6.2AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/01/31 12:0 a.m.•28 views

JVN#86040029: Weathernews Touch for Android stores location information in the system log file

Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...

4.3CVSS6AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/14 3:52 a.m.•28 views

Welcart vulnerable to cross-site request forgery

Overview Welcart contains a cross-site request forgery vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IP...

6.8CVSS6.5AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/02 12:0 a.m.•28 views

JVN#55398821: Pebble vulnerable to open redirect

Pebble is an open source weblog system. Pebble contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the software Update to the...

5.8CVSS6.3AI score0.01305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/15 8:14 a.m.•28 views

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.1AI score0.04285EPSS
Exploits3References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/01 12:0 a.m.•28 views

JVN#98649286: CSWorks LiveData Service vulnerable to denial-of-service (DoS)

LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...

5CVSS6.3AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 12:0 a.m.•28 views

JVN#08307791: Plume vulnerable to cross-site scripting

Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...

2.6CVSS5.8AI score0.00936EPSS
Exploits0
Total number of security vulnerabilities5000